LAGIMONIER et al. - Appln. No. 09/932,982 

Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of 
claims in the application: 

Listing of Claims: 

1. (currently amended) A method of processing out-of-order
message[[s]] packets, comprising:

obtaining [[determining, with a secure communication module of a
receiving client device,]] a maximum largest nonce value [[yet seen from a
plurality of nonce values of out of order messages]];

comparing, with said secure communication module of said
receiving client device, a nonce value of a received out-of-order message packet
with [[said]] a largest nonce value yet seen;

comparing, with said secure communication module of said
receiving client device, [[said nonce value to nonce values within a single replay
attack acceptance window in response to said nonce value not exceeding]] said
largest nonce value yet seen with said maximum largest nonce value; [[adjusting,
with said secure communication module of said receiving client device, a size of
a range of acceptable nonce values within said single replay attack acceptance
window, where said size of said range is based on said determined largest nonce
value yet seen]]; and

resetting said largest nonce value yet seen and generating a new
cryptographic key when said largest nonce value yet seen exceeds said
maximum largest nonce value [[rejecting, with said secure communication
module of said receiving client device, said received out of order message if said
nonce value falls outside said single replay attack acceptance window]].

2. (previously presented) The method according to claim 1, further comprising:

designating, with said secure communication module of said 
receiving client device, said nonce value as said largest nonce value yet seen if 
said nonce value exceeds said largest nonce value yet seen. 

3. (previously presented) The method according to claim 1, further comprising:

replacing, with said secure communication module of said receiving 
client device, said largest nonce value yet seen with said nonce value if said 
nonce value exceeds said largest nonce value yet seen. 

4. (previously presented) The method according to claim 1, further comprising:

adjusting, with said secure communication module of said receiving
client device, [[said]] a single replay attack acceptance window if said nonce value
exceeds said largest nonce value yet seen.

5. (currently amended) The method according to claim 1, further comprising:

designating, with said secure communication module of said 
receiving client device, said received out-of-order message packet as a replay 
attack.

6. (currently amended) The method according to claim 1, further comprising:

comparing, with said secure communication module of said 
receiving client device, said nonce value to a window mask value if said nonce 
value falls within said single replay attack acceptance window; and 

rejecting, with said secure communication module of said receiving 
client device, said received out-of-order message packet if said nonce value is 
within said window mask value. 

7. (currently amended) The method according to claim 6, further comprising:

designating, with said secure communication module of said 
receiving client device, said received out-of-order message packet as part of a 
replay attack. 

8. (currently amended) The method according to claim 1, further comprising:

comparing, with said secure communication module of said 
receiving client device, said nonce value to a window mask value if said nonce 
value falls within said single replay attack acceptance window; and 

accepting, with said secure communication module of said
receiving client device, said received out-of-order message packet if said nonce
value is outside said single replay attack acceptance window.

9. (previously presented) The method according to claim 8, further comprising:

designating, with said secure communication module of said 
receiving client device, said nonce value as a largest nonce value yet seen.

10. (currently amended) An apparatus for processing out-of-order
message[[s]] packets, said apparatus comprising:

a receiving communication interface configured to transmit and
receive a plurality of packets; and

a receiving controller, wherein said receiving controller is configured to:

obtain [[determine]] a maximum largest nonce value [[yet seen
from a plurality of nonce values of out-of-order messages]];

compare a nonce value of a received out-of-order message
packet and [[said]] a largest nonce value yet seen;

compare said largest nonce value yet seen [[to nonce values
within a single replay attack acceptance window in response to said
nonce value not exceeding]] with said maximum largest nonce value
[[yet seen]]; [[adjust a size of a range of acceptable nonce values
within said single replay attack acceptance window, where said size
of said range is based on said determined largest nonce value yet
seen]]; and

resetting said largest [[reject said received out-of-order
message if said]] nonce value [[falls outside said single replay attack
acceptance window]] yet seen and generating a new cryptographic
key when said largest nonce value yet seen exceeds said
maximum largest nonce value.

11. (previously presented) The apparatus according to claim 10, wherein:

said receiving controller is further configured to designate said 
nonce value as said largest nonce value yet seen if said nonce value exceeds 
said largest nonce value yet seen.

12. (currently amended) The apparatus according to claim 10, wherein:

said receiving controller is further configured to adjust [[said]] a single
replay attack acceptance window if said largest nonce value yet seen exceeds 
said largest nonce value yet seen. 

13. (previously presented) The apparatus according to claim 10, wherein:

said receiving controller is further configured to replace said largest 
nonce value yet seen with said nonce value if said nonce value exceeds said 
largest nonce value yet seen. 

14. (currently amended) The apparatus according to claim 10, wherein:

said receiving controller is further configured to designate said 
received out-of-order message packet as part of a replay attack. 

15. (currently amended) The apparatus according to claim 10, 
wherein said controller is further configured to: 

compare said nonce value to a window mask value if said nonce
value falls within [[said]] a single replay attack acceptance window; and

reject said received out-of-order message packet if said nonce 
value falls outside said single replay attack acceptance window. 

16. (currently amended) The apparatus according to claim 15, wherein:

said receiving controller is further configured to designate said 
received out-of-order message packet as part of a replay attack.

17. (currently amended) The apparatus according to claim 10,
wherein said controller is configured to:

compare said nonce value to a replay attack acceptance window 
value if said nonce value falls within said single replay attack acceptance 
window; and 

accept said received out-of-order message packet if said nonce 
value falls within said single replay attack acceptance window. 

18. (previously presented) The apparatus according to claim 17, wherein:

said receiving controller is further configured to mark said nonce 
value as said largest nonce value yet seen.

19. (currently amended) A non-transitory computer readable
storage medium on which is embedded one or more computer programs, said
one or more computer programs implementing a method of processing
out-of-order message[[s]] packets, said one or more computer programs
comprising a set of instructions for:

obtaining [[determining, with a secure communication module of a
receiving client device,]] a maximum largest nonce value [[yet seen from a
plurality of nonce values of out of order messages]];

comparing, with said secure communication module of said
receiving client device, a nonce value of a received out-of-order message packet
and [[said]] a largest nonce value yet seen;

comparing, with said secure communication module of said
receiving client device, [[said nonce value to nonce values within a single replay
attack acceptance window in response to said nonce value not exceeding]] said
largest nonce value yet seen with said maximum largest nonce value; [[adjusting,
with said secure communication module of said receiving client device, a size of
a range of acceptable nonce values within said single replay attack acceptance
window, where said size of said range is based on said determined largest nonce
value yet seen]]; and

resetting said largest nonce value yet seen and generating a new
cryptographic key when said largest nonce value yet seen exceeds said
maximum largest nonce value [[rejecting, with said secure communication module
of said receiving client device, said received out of order message if said nonce
value not falls within said single replay attack acceptance window]].

20. (previously presented) The computer readable storage medium 
in according to claim 19, said one or more computer programs further comprising 
a set of instructions for: 

designating, with said secure communication module of said 
receiving client device, said nonce value as said largest nonce value yet seen if 
said nonce value exceeds said largest nonce value yet seen. 




21. (previously presented) The computer readable storage medium 
in according to claim 19, said one or more computer programs further comprising 
a set of instructions for: 

replacing, with said secure communication module of said receiving 
client device, said largest nonce value yet seen with said nonce value if said 
nonce value exceeds said largest nonce value yet seen. 

22. (currently amended) The computer readable storage medium in 
according to claim 19, said one or more computer programs further comprising a 
set of instructions for: 

adjusting, with said secure communication module of said receiving 
client device, [[said]] a single replay attack acceptance window based on said
nonce value if said nonce value exceeds said largest nonce value yet seen. 

23. (currently amended) The computer readable storage medium in 
according to claim 19, said one or more computer programs further comprising a 
set of instructions for: 

designating, with said secure communication module of said 
receiving client device, said received out-of-order message packet as a replay 
attack. 

24. (currently amended) The computer readable storage medium in 
according to claim 19, said one or more computer programs further comprising a 
set of instructions for: 

comparing, with said secure communication module of said 
receiving client device, said nonce value to a window mask value if said nonce 
value falls within [[said]] a single replay attack acceptance window; and

rejecting, with said secure communication module of said receiving 
client device, said received out-of-order message packet if said nonce value falls 
outside said single replay attack acceptance window.

25. (currently amended) The computer readable storage medium in
according to claim 24, said one or more computer programs further comprising a 
set of instructions for: 

designating, with said secure communication module of said 
receiving client device, said received out-of-order message packet as part of a 
replay attack. 

26. (currently amended) The computer readable storage medium in 
according to claim 19, said one or more computer programs further comprising a 
set of instructions for: 

comparing, with said secure communication module of said 
receiving client device, said nonce value to a window mask value if said nonce 
value falls within [[said]] a single replay attack acceptance window; and

accepting, with said secure communication module of said 
receiving client device, said received out-of-order message packet if said nonce 
value falls within said single replay attack acceptance window. 

27. (previously presented) The computer readable storage medium 
in according to claim 26, said one or more computer programs further comprising 
a set of instructions for: 

designating, with said secure communication module of said 
receiving client device, said nonce value as said largest nonce value yet seen.

28. (currently amended) A system for processing out-of-order
message[[s]] packets in a peer-to-peer configuration, comprising:

a first peer configured to provide secure communication;

a second peer configured to provide said secure communication; and

a receiving secure communication module configured to be
executed by said first peer and second peer, wherein said receiving secure
communication module is configured to:

obtain [[determine]] a maximum largest nonce value [[yet seen
from a plurality of nonce values of a out of order messages]];

compare a nonce value [[to a filter in response to said nonce
value]] of a received out-of-order packet [[not exceeding said]] a largest
nonce value yet seen;

compare said largest nonce value yet seen with said largest
nonce value [[to nonce values within a single replay attack mask]];
[[adjust a size of a range of acceptable nonce values within said
single replay attack mask, where said size of said range is based
on said determined largest nonce value yet seen]]; and

reset said largest nonce value yet seen and generate a new
cryptographic key when said largest nonce value yet seen exceeds
said maximum largest nonce value [[accept said received out of
order packet if said nonce value falls within said single replay attack
mask]].

29. (previously presented) The system according to claim 28, wherein:

said receiving secure communication module is further configured 
to designate said nonce value as said largest nonce value yet seen if said nonce 
value exceeds said largest nonce value yet seen. 

30. (currently amended) The system according to claim 28, wherein:

said receiving secure communication module is further configured
to adjust [[said]] a single replay attack mask based on said largest nonce value yet
seen if said nonce value exceeds said largest nonce value yet seen. 

31. (currently amended) The system according to claim 28, wherein:

said receiving secure communication module is further configured
to reject said received out-of-order packet if said nonce value falls outside [[said]] a
single replay attack mask.

32. (previously presented) The system according to claim 31, wherein:

said receiving secure communication module is further configured 
to designate said received out-of-order packet as part of a replay attack. 

33. (currently amended) The system according to claim 32, wherein:

said receiving secure communication module is further configured
to reject said received out-of-order packet if said nonce value falls outside [[said]] a
single replay attack mask.

34. (previously presented) The system according to claim 33, wherein:

said receiving secure communication module is further configured 
to designate said received out-of-order packet as part of a replay attack. 

35. (currently amended) The system according to claim 28, wherein:

said receiving secure communication module is further configured
to reject said received out-of-order packet if said nonce value falls outside [[said]] a
single replay attack mask; and

said receiving secure communication module is further configured 
to designate said received out-of-order packet as part of a replay attack.

36. (currently amended) A receiving interceptor device for
processing out-of-order message[[s]] packets, said receiving interceptor device
comprising:

a network interface;

an expected sequence register configured to enumerate an
expected sequence number of a message packet received out-of-order from a
second network device; [[a memory configured to store a single replay attack
mask]]; and

a receiving controller, wherein said receiving controller is configured to:

obtain [[determine]] a maximum largest nonce value [[yet seen
from a plurality of nonce values of out of order messages]];

compare a nonce value [[to a filter in response to a sequence
number]] of a received out-of-order message packet with a [[via said
network interface does not exceed said]] largest nonce value yet
seen [[retrieved from said expected sequence register]];

compare said largest nonce value yet seen with said
maximum largest nonce value [[sequence number to said single
replay attack mask retrieved from said memory]]; [[adjust a size of a
range of acceptable nonce values within said single replay attack
mask, where said size of said range is based on said determined
largest nonce value yet seen]]; and

reset said largest nonce value yet seen and generate a new
cryptographic key when said largest nonce value yet seen exceeds
said maximum largest nonce value [[accept said received out of
order packet if said sequence number falls within said single replay
attack mask]].

37. (previously presented) The receiving interceptor device
according to claim 36, wherein:

said controller is further configured to designate said sequence 
number as said largest nonce value yet seen if said sequence number exceeds 
said largest sequence number yet seen. 

38. (previously presented) The receiving interceptor device 
according to claim 36, wherein: 

said controller is further configured to adjust said single replay 
attack mask based on said largest nonce value yet seen if said sequence 
number exceeds said largest nonce value yet seen. 

39. (currently amended) The receiving interceptor device according 
to claim 36, wherein: 

said controller is further configured to reject said received out-of-
order packet if said sequence number falls outside [[said]] a single replay attack
mask. 

40. (previously presented) The receiving interceptor device 
according to claim 36, wherein: 

said controller is further configured to designate said received out- 
of-order packet as part of a replay attack. 

41. (currently amended) The receiving interceptor device according 
to claim 36, wherein: 

said controller is further configured to reject said received out-of-
order packet if said sequence number falls outside [[said]] a single replay attack
mask.

42. (previously presented) The receiving interceptor device
according to claim 41, wherein:

said controller is further configured to designate said received out- 
of-order packet as part of a replay attack. 

43. (currently amended) The receiving interceptor device according 
to claim 36, wherein: 

said controller is further configured to reject said received out-of-
order packet if said sequence number falls outside [[said]] a single replay attack
mask; and 

said controller is further configured to designate said received out- 
of-order packet as part of a replay attack. 
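
An added example (not part of the filing and not the applicants' implementation) of the receiver-side check the claims describe: track the largest nonce value yet seen, test late packets against a window mask, and reset and rekey once the largest nonce value yet seen exceeds the maximum largest nonce value. The 64-bit window width, the names `replay_state_t` and `replay_check`, the verdict codes, and the `key_epoch` counter standing in for key generation are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define WINDOW_BITS 64u /* assumed window width; the page gives no size */

typedef enum { PKT_ACCEPT, PKT_REPLAY, PKT_TOO_OLD, PKT_REKEY } verdict_t;

typedef struct {
    uint64_t largest_seen; /* largest nonce value yet seen */
    uint64_t mask;         /* bit i set: nonce (largest_seen - i) already seen */
    uint64_t max_nonce;    /* maximum largest nonce value */
    uint32_t key_epoch;    /* placeholder for "generate a new cryptographic key" */
} replay_state_t;

static void replay_init(replay_state_t *s, uint64_t max_nonce) {
    s->largest_seen = 0;
    s->mask = 0;
    s->max_nonce = max_nonce;
    s->key_epoch = 0;
}

static verdict_t replay_check(replay_state_t *s, uint64_t nonce) {
    if (nonce > s->largest_seen) {
        /* New high-water mark: slide the window forward. Shifting a
         * 64-bit value by 64 or more is undefined in C, so clear instead. */
        uint64_t shift = nonce - s->largest_seen;
        s->mask = (shift >= WINDOW_BITS) ? 0 : (s->mask << shift);
        s->mask |= 1ULL;
        s->largest_seen = nonce;
        if (s->largest_seen > s->max_nonce) {
            /* Nonce space for this key is used up: reset and rekey.
             * Assumption: the triggering packet is not delivered. */
            s->largest_seen = 0;
            s->mask = 0;
            s->key_epoch++;
            return PKT_REKEY;
        }
        return PKT_ACCEPT;
    }
    uint64_t age = s->largest_seen - nonce;
    if (age >= WINDOW_BITS)
        return PKT_TOO_OLD;          /* left of the window: cannot be verified */
    if (s->mask & (1ULL << age))
        return PKT_REPLAY;           /* bit already set: duplicate */
    s->mask |= 1ULL << age;          /* late but new: record and accept */
    return PKT_ACCEPT;
}

int main(void) {
    static const char *names[] = { "accept", "replay", "too-old", "rekey" };
    const uint64_t nonces[] = { 5, 3, 3, 5, 100, 36, 37, 1001, 1 }; /* constructed */
    replay_state_t s;
    replay_init(&s, 1000);
    for (size_t i = 0; i < sizeof nonces / sizeof nonces[0]; i++)
        printf("nonce %llu -> %s\n", (unsigned long long)nonces[i],
               names[replay_check(&s, nonces[i])]);
    return 0;
}
```

A receiver that treats too-old and duplicate nonces alike can count both verdicts as suspected replays; they are kept separate here so that packets delayed past the window can be told apart from true duplicates in logs.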